We use it to monitor gear we own, but those routers provide the customers connectivity into us and we have had the same thoughts about doing this service. I too, would love to hear anything anyone doing this can share.
Is no one selling their services? Or just no one that wants to give away their secrets? haha
We are doing some similar things...Kinda...
Our group (Network Services) is operationally responsible for all network infrastructure components in each of our data centers and associated campuses, as well as for all remote routers, but we are only responsible for LAN devices at remote facilities for business units that have subscribed to our Remote LAN Support service offering. For these locations, we are fully responsible for their various switches, AP's, UPS's, and such (no servers), which includes monitoring (Orion), config management (Cirrus), and admin access control via tacacs/radius (Cisco Secure ACS). For business units subscribing to this Remote LAN Support service, there is no additional charge for the monitoring tools, as they are part of the packaged service. For the most part, the business units subscribing to this service have decided to include all of their respective locations, as opposed to picking and choosing which ones to include or exclude.
Billing for our Remote LAN Support subscribers has historically been based on a VERY extensive, deterministic methodology that I won't even dare to try to explain, but we have been working on (and basically have built) a means to better align the service costs to the actual number and type of devices at each specific location plus the addition of costs associated with our FTE's and shared infrastructure costs such as central site routers and circuits, core switches, server farm switches, etc. The remote site specific costs are derived via a custom page integrated into our Orion website that performs various queries of the Orion database to display the division, business unit, site name, device model and counts, Smartnet service level, and circuit type and speed. In turn, we can export this to Excel and copy it to a spreadsheet that has the associated back-end smarts to spit out a price for each line item, along with a total for each division. Naturally, since we are using info from the Orion database, we have a single place to maintain inventory for billing (some of which is dynamic, along with some custom property manipulation). Ultimately, I would like to do away with the separate spreadsheet with the pricing variables, and simply have a page where the various item costs/rates can be configured from the web, and have the report automatically perform all the calculations and spit out the costs. Oh, if only I had the time... :(
We do have some divisions that have not fully bought into the Remote LAN Support service, but have instead decided to pick and choose the facilities for which this service is purchased. This includes locations that subscribe to our VoIP service offering, as it is stipulated that we must own operational responsibility for all the LAN equipment at VoIP sites. For the 1'sie, 2'sie sites like this, we offer either a flat rate per facility, per year, or a set price per device, per month for the full Remote LAN Support service offering. The more devices a given facility has, the more attractive the flat rate, per year option becomes. Again, the monitoring tool costs are included in the bundled price, so there is no separate line item for them.
Now, for the part you really asked about...
For a couple of years now, we have been toying around with the idea of a Remote LAN Monitoring solution. This would be a tools-only service offering in which we include a location's devices in our tools and provide access to the tools for the appropriate people, but we are not operationally responsible for the devices. My management team's thought process has tended to lean towards making the price of this service such that it makes more sense to buy into the full-blown Remote LAN Support service, but I think that thought process has changed. We just need to get together and finalize the service offering. We have actually been providing this service to one location for a couple of years (without charging them), as it was initially done as a proof of concept, but of course the project got side-tracked and the devices have remained in the tools ever since (go figure~).
At any rate, when we do finally formalize our "tools-only" Remote LAN Monitoring service, it will most likely be based on the number of devices and will be included in the web-based billing report that we generate from Orion. I see us formalizing this probably within the next 6 months.
As for providing access to Orion, we basically have somewhat of an open-door policy, whereby anyone inside our company can access the Orion website at any time. We use Windows pass-through authentication with local accounts on the Orion host server for users who have administrative privileges of one form or another, and specific views and associated shared local accounts for everyone else. Those who don't have their domain accounts configured in Orion will see a custom login page that has links to various filtered views (see attached screenshot), and the links include credentials in the URL's to log them into an account specific to each view. Naturally, the users with domain accounts configured in Orion are automatically logged in to their respective home summary view without being challenged. This has worked very well for us, and has lead to a much larger audience for the information in Orion (making it somewhat of a self-service tool), while allowing us to present views of specific areas of interest without the headaches of keeping up with hundreds or thousands of accounts. This methodology also scales very well for providing access to specific views as part of a "tools-only" service, as long as you don't have concerns around various customers seeing the views of others, but there are ways around that as well. All of our stuff is internal, so we really have nothing to hide... Well, almost nothing... :)
Well, that's the poop... Let me know if I was too vague... :P :)
Orion Login Page.zip 112.1 KB
Wow guys. That is great info! Vic, maybe vaque, but lots of info. Tells me that I'm likely only scratching the surface of what you are doing with Orion. If it's not too much trouble would you mind posting (or emailing for privacy sake) screenshots of some of your custom views? I like your login page - lots of info and options, gives me some ideas. Right now I just have the default Orion login page.
Thank you once again for the info...
I wouldn't say that there's anything really special about the views that we created for our various business units and such, but the idea behind providing access to multiple customers is to come up with a formula that works, and hopefully make it "cookie-cutter". In our case, what we did was create a view with all the resources we want to display for each of the various customers and saved it as a template. When we started building the individual views, we start by making a copy of the view template, giving it an appropriate name, and applying a view filter based on custom properties such as division or facility. We then created a local Orion user account with the same account limitation and selected the associated view as the "Home Page View" and "Default Summary View". These account credentials are then passed in the URL from the login page, which allows seamless, filtered access to Orion while reducing the number of local Orion accounts to manage.
One downside I see with this methodology is that if you want to make a change to the resources presented with them, you have to go in and change each one of the views individually. Ideally, one would create a single view that is shared by multiple customers, and simply limited via account limitations on their respective Orion accounts. This way, you're really only dealing with a single view. I tried to go this route initially, but ran into a bug where the account limitations were not being honored by such views as syslog and events. I believe this was resolved in later releases, so we will be revisiting this when we upgrade our environment. Again, keep in mind that this means of access relies on the fact that there are no security issues with multiple customers being able to see the views of others, being that the account creds are passed via the URL.
Just for grins and giggles, I attached screenshots of one of our internal customers' summary views. I had to page down several times to get the whole page, but you get the idea. Like I said, nothing real Earth-shattering here, but there are a few resources on here (described below) that we created for our environment. We will be changing these up a bit as part of our upcoming upgrades.
- The "Down Nodes" resource is not the one that comes out of the box, but is actually a report from Report Writer. The report shows nodes that are currently down, as well as any notes (Status Info) that have been entered via the web about the node by Network Services personnel, or our Data Center Operations folks who handle our first level WAN monitoring tasks.
- The "Down Interfaces" resource is also a report from Report Writer that is basically the same as the "Down Nodes" resource, but it also displays any interface that has experienced greater than 100 receive errors for the last hour.
- At the bottom of the first resource column is a resource showing the US Doppler Radar map representing a 1 hour animated loop of precipitation from weather.com. This is actually the same map found here http://www.weather.com/maps/maptype/dopplerradarusnational/index_large_animated.html, but I stripped away all the ads and other unnecessary stuff, and shrank it down proportionally to fit the width of the resource column.
There are some much more extensive customizations that we've implemented in our environment, but they are not necessarily specific to the topic at hand. Hopefully you've been able to get some ideas from some of the info in this thread.
Customer Summary View.zip 482.3 KB
We do exactly what you are looking for here. We sell 24/7 monitoring services, provide a unique login/view, send alerts, and then call out the appropriate people after designated times/troubleshooting. However, I am not aware of pricing of how we do so. I do know that we base this somewhat on average ticket resolution time, so there is a start if you have a ticketing system.